Main Mode Security Association (Windows Embedded CE 6.0)
1/6/2010
The main mode security association is the first phase in a two-phase negotiation process. During the main mode security negotiation phase, two devices establish a more secure, authenticated channel. The IPSec Internet Key Exchange (IKE) protocol automatically provides necessary identity protection during this exchange.
The following four mandatory parameters are negotiated as part of the main mode security association (SA):
- The encryption algorithm: Data Encryption Standard (DES), Triple DES (3DES).
- The hash algorithm: MD5 (Message Digest function 5) or SHA1 (Secure Hash Algorithm 1).
- The authentication method (Kerberos V5, Certificate, or pre-shared key authentication).
- The Diffie-Hellman (DH) key exchange group to be used for the base keying material.
The following table shows the SA parameters for main mode, in preferential order.
| Encryption | Integrity | DH group |
|---|---|---|
3DES |
SHA1 |
2048 bit |
3DES |
SHA1 |
1024 |
3DES |
MD5 |
1024 |
DES |
SHA1 |
768 |
DES |
MD5 |
768 |